Veeam Backup Enterprise Manager allows high-privileged users to steal NTLM hash of Enterprise manager service...
7.2CVSS
7.1AI Score
0.0004EPSS
8.8CVSS
7AI Score
0.0004EPSS
Veeam Backup Enterprise Manager allows unauthenticated users to log in as any user to enterprise manager web...
9.8CVSS
9.4AI Score
0.0004EPSS
Veeam Backup Enterprise Manager allows unauthenticated users to log in as any user to enterprise manager web...
9.8CVSS
9.5AI Score
0.0004EPSS
GHOSTENGINE Exploits Vulnerable Drivers to Disable EDRs in Cryptojacking Attack
Cybersecurity researchers have discovered a new cryptojacking campaign that employs vulnerable drivers to disable known security solutions (EDRs) and thwart detection in what's called a Bring Your Own Vulnerable Driver (BYOVD) attack. Elastic Security Labs is tracking the campaign under the name...
10CVSS
7.2AI Score
0.976EPSS
Critical Veeam Backup Enterprise Manager Flaw Allows Authentication Bypass
Users of Veeam Backup Enterprise Manager are being urged to update to the latest version following the discovery of a critical security flaw that could permit an adversary to bypass authentication protections. Tracked as CVE-2024-29849 (CVSS score: 9.8), the vulnerability could allow an...
7.5CVSS
9.5AI Score
0.022EPSS
Fortinet FortiWeb - Buffer overflow in execute backup-local command (FG-IR-22-164)
The version of FortiWeb installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the FG-IR-22-164 advisory. A stack-based buffer overflow vulnerability [CWE-121] in FortiWeb version 7.0.1 and earlier, 6.4 all versions, version...
7.2CVSS
8.4AI Score
0.001EPSS
Fortinet FortiWeb - Command injection in CLI backup functionality (FG-IR-22-131)
The version of FortiWeb installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the FG-IR-22-131 advisory. An improper neutralization of special elements used in an OS command ('OS Command Injection') vulnerability [CWE-78] in...
7.2CVSS
8AI Score
0.001EPSS
Summary IP from Node.js is used by IBM Storage Fusion HCI as part of the Backup and Restore service and is vulnerable to the CVE listed below. CVE-2023-42282. Vulnerability Details ** CVEID: CVE-2023-42282 DESCRIPTION: **Node.js IP package could allow a remote attacker to execute arbitrary code...
9.8CVSS
8AI Score
0.001EPSS
Summary IP from Node.js is used by IBM Storage Fusion as part of the Backup and Restore service and is vulnerable to the CVE listed below. CVE-2023-42282. Vulnerability Details ** CVEID: CVE-2023-42282 DESCRIPTION: **Node.js IP package could allow a remote attacker to execute arbitrary code on...
9.8CVSS
8AI Score
0.001EPSS
SolarMarker Malware Evolves to Resist Takedown Attempts with Multi-Tiered Infrastructure
The persistent threat actors behind the SolarMarker information-stealing malware have established a multi-tiered infrastructure to complicate law enforcement takedown efforts, new findings from Recorded Future show. "The core of SolarMarker's operations is its layered infrastructure, which...
6.7AI Score
Achieve Security Compliance with Wazuh File Integrity Monitoring
File Integrity Monitoring (FIM) is an IT security control that monitors and detects file changes in computer systems. It helps organizations audit important files and system configurations by routinely scanning and verifying their integrity. Most information security standards mandate the use of...
6.7AI Score
Veeam Backup Enterprise Manager Vulnerabilities (CVE-2024-29849, CVE-2024-29850, CVE-2024-29851,...
9.8CVSS
6.9AI Score
0.0004EPSS
New Readiness Check - Multiple Veeam Backup Servers Are Required by One Recovery Plan
Starting in VRO 7.1, the readiness check will display a warning if a Recovery Plan would require multiple Veeam Backup & Replication (VBR)...
7.1AI Score
Drs-Malware-Scan - Perform File-Based Malware Scan On Your On-Prem Servers With AWS
Perform malware scan analysis of on-prem servers using AWS services Challenges with on-premises malware detection It can be difficult for security teams to continuously monitor all on-premises servers due to budget and resource constraints. Signature-based antivirus alone is insufficient as modern....
7.4AI Score
In the Linux kernel, the following vulnerability has been resolved: mptcp: use OPTION_MPTCP_MPJ_SYNACK in subflow_finish_connect() subflow_finish_connect() uses four fields (backup, join_id, thmac, none) that may contain garbage unless OPTION_MPTCP_MPJ_SYNACK has been set in...
6.5AI Score
0.0004EPSS
In the Linux kernel, the following vulnerability has been resolved: mlxsw: spectrum_acl_tcam: Fix memory leak during rehash The rehash delayed work migrates filters from one region to another. This is done by iterating over all chunks (all the filters with the same priority) in the region and in...
6.6AI Score
0.0004EPSS
In the Linux kernel, the following vulnerability has been resolved: ext4: fix corruption during on-line resize We observed a corruption during on-line resize of a file system that is larger than 16 TiB with 4k block size. With having more then 2^32 blocks resize_inode is turned off by default by...
6.4AI Score
0.0004EPSS
In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu: fix deadlock while reading mqd from debugfs An errant disk backup on my desktop got into debugfs and triggered the following deadlock scenario in the amdgpu debugfs files. The machine also hard-resets immediately after....
6.4AI Score
0.0004EPSS
In the Linux kernel, the following vulnerability has been resolved: mlxsw: spectrum_acl_tcam: Fix memory leak during rehash The rehash delayed work migrates filters from one region to another. This is done by iterating over all chunks (all the filters with the same priority) in the region and in...
6.6AI Score
0.0004EPSS
In the Linux kernel, the following vulnerability has been resolved: mlxsw: spectrum_acl_tcam: Fix memory leak during rehash The rehash delayed work migrates filters from one region to another. This is done by iterating over all chunks (all the filters with the same priority) in the region and in...
6.7AI Score
0.0004EPSS
In the Linux kernel, the following vulnerability has been resolved: mlxsw: spectrum_acl_tcam: Fix memory leak during rehash The rehash delayed work migrates filters from one region to another. This is done by iterating over all chunks (all the filters with the same priority) in the region and in...
6.8AI Score
0.0004EPSS
In the Linux kernel, the following vulnerability has been resolved: mptcp: use OPTION_MPTCP_MPJ_SYNACK in subflow_finish_connect() subflow_finish_connect() uses four fields (backup, join_id, thmac, none) that may contain garbage unless OPTION_MPTCP_MPJ_SYNACK has been set in...
7.4AI Score
0.0004EPSS
In the Linux kernel, the following vulnerability has been resolved: mptcp: use OPTION_MPTCP_MPJ_SYNACK in subflow_finish_connect() subflow_finish_connect() uses four fields (backup, join_id, thmac, none) that may contain garbage unless OPTION_MPTCP_MPJ_SYNACK has been set in...
6.7AI Score
0.0004EPSS
In the Linux kernel, the following vulnerability has been resolved: mptcp: use OPTION_MPTCP_MPJ_SYNACK in subflow_finish_connect() subflow_finish_connect() uses four fields (backup, join_id, thmac, none) that may contain garbage unless OPTION_MPTCP_MPJ_SYNACK has been set in...
6.6AI Score
0.0004EPSS
CVE-2024-35853 mlxsw: spectrum_acl_tcam: Fix memory leak during rehash
In the Linux kernel, the following vulnerability has been resolved: mlxsw: spectrum_acl_tcam: Fix memory leak during rehash The rehash delayed work migrates filters from one region to another. This is done by iterating over all chunks (all the filters with the same priority) in the region and in...
6.9AI Score
0.0004EPSS
CVE-2024-35853 mlxsw: spectrum_acl_tcam: Fix memory leak during rehash
In the Linux kernel, the following vulnerability has been resolved: mlxsw: spectrum_acl_tcam: Fix memory leak during rehash The rehash delayed work migrates filters from one region to another. This is done by iterating over all chunks (all the filters with the same priority) in the region and in...
6.5AI Score
0.0004EPSS
CVE-2024-35840 mptcp: use OPTION_MPTCP_MPJ_SYNACK in subflow_finish_connect()
In the Linux kernel, the following vulnerability has been resolved: mptcp: use OPTION_MPTCP_MPJ_SYNACK in subflow_finish_connect() subflow_finish_connect() uses four fields (backup, join_id, thmac, none) that may contain garbage unless OPTION_MPTCP_MPJ_SYNACK has been set in...
6.4AI Score
0.0004EPSS
In the Linux kernel, the following vulnerability has been resolved: ext4: fix corruption during on-line resize We observed a corruption during on-line resize of a file system that is larger than 16 TiB with 4k block size. With having more then 2^32 blocks resize_inode is turned off by default by...
6.6AI Score
0.0004EPSS
In the Linux kernel, the following vulnerability has been resolved: ext4: fix corruption during on-line resize We observed a corruption during on-line resize of a file system that is larger than 16 TiB with 4k block size. With having more then 2^32 blocks resize_inode is turned off by default by...
7.5AI Score
0.0004EPSS
In the Linux kernel, the following vulnerability has been resolved: ext4: fix corruption during on-line resize We observed a corruption during on-line resize of a file system that is larger than 16 TiB with 4k block size. With having more then 2^32 blocks resize_inode is turned off by default by...
6.6AI Score
0.0004EPSS
In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu: fix deadlock while reading mqd from debugfs An errant disk backup on my desktop got into debugfs and triggered the following deadlock scenario in the amdgpu debugfs files. The machine also hard-resets immediately after....
6.6AI Score
0.0004EPSS
In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu: fix deadlock while reading mqd from debugfs An errant disk backup on my desktop got into debugfs and triggered the following deadlock scenario in the amdgpu debugfs files. The machine also hard-resets immediately after....
7.4AI Score
0.0004EPSS
In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu: fix deadlock while reading mqd from debugfs An errant disk backup on my desktop got into debugfs and triggered the following deadlock scenario in the amdgpu debugfs files. The machine also hard-resets immediately...
6.6AI Score
0.0004EPSS
CVE-2024-35807 ext4: fix corruption during on-line resize
In the Linux kernel, the following vulnerability has been resolved: ext4: fix corruption during on-line resize We observed a corruption during on-line resize of a file system that is larger than 16 TiB with 4k block size. With having more then 2^32 blocks resize_inode is turned off by default by...
7.5AI Score
0.0004EPSS
CVE-2024-35807 ext4: fix corruption during on-line resize
In the Linux kernel, the following vulnerability has been resolved: ext4: fix corruption during on-line resize We observed a corruption during on-line resize of a file system that is larger than 16 TiB with 4k block size. With having more then 2^32 blocks resize_inode is turned off by default by...
6.7AI Score
0.0004EPSS
CVE-2024-35795 drm/amdgpu: fix deadlock while reading mqd from debugfs
In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu: fix deadlock while reading mqd from debugfs An errant disk backup on my desktop got into debugfs and triggered the following deadlock scenario in the amdgpu debugfs files. The machine also hard-resets immediately after....
7.4AI Score
0.0004EPSS
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in BoldGrid Total Upkeep allows Relative Path Traversal.This issue affects Total Upkeep: from n/a through...
7.5CVSS
6.7AI Score
0.0004EPSS
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in BoldGrid Total Upkeep allows Relative Path Traversal.This issue affects Total Upkeep: from n/a through...
7.5CVSS
7.5AI Score
0.0004EPSS
CVE-2024-24869 WordPress Total Upkeep plugin <= 1.15.8 - Arbitrary File Download vulnerability
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in BoldGrid Total Upkeep allows Relative Path Traversal.This issue affects Total Upkeep: from n/a through...
7.5CVSS
7.5AI Score
0.0004EPSS
Improper Privilege Management vulnerability in WPvivid Team WPvivid Backup and Migration allows Privilege Escalation.This issue affects WPvivid Backup and Migration: from n/a through...
8.8CVSS
8.8AI Score
0.0004EPSS
Improper Privilege Management vulnerability in WPvivid Team WPvivid Backup and Migration allows Privilege Escalation.This issue affects WPvivid Backup and Migration: from n/a through...
8.8CVSS
6.8AI Score
0.0004EPSS
Improper Privilege Management vulnerability in WPvivid Team WPvivid Backup and Migration allows Privilege Escalation.This issue affects WPvivid Backup and Migration: from n/a through...
8.8CVSS
8.8AI Score
0.0004EPSS
Improper Privilege Management vulnerability in WPvivid Team WPvivid Backup and Migration allows Privilege Escalation.This issue affects WPvivid Backup and Migration: from n/a through...
8.8CVSS
7AI Score
0.0004EPSS
In the Linux kernel, the following vulnerability has been resolved: ext4: fix corruption during on-line resize We observed a corruption during on-line resize of a file system that is larger than 16 TiB with 4k block size. With having more then 2^32 blocks resize_inode is turned off by default by...
6.5AI Score
0.0004EPSS
In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu: fix deadlock while reading mqd from debugfs An errant disk backup on my desktop got into debugfs and triggered the following deadlock scenario in the amdgpu debugfs files. The machine also hard-resets immediately after....
6.6AI Score
0.0004EPSS
In the Linux kernel, the following vulnerability has been resolved: mlxsw: spectrum_acl_tcam: Fix memory leak during rehash The rehash delayed work migrates filters from one region to another. This is done by iterating over all chunks (all the filters with the same priority) in the region and in...
6.5AI Score
0.0004EPSS
In the Linux kernel, the following vulnerability has been resolved: mptcp: use OPTION_MPTCP_MPJ_SYNACK in subflow_finish_connect() subflow_finish_connect() uses four fields (backup, join_id, thmac, none) that may contain garbage unless OPTION_MPTCP_MPJ_SYNACK has been set in...
6.6AI Score
0.0004EPSS
Wordfence Intelligence Weekly WordPress Vulnerability Report (May 6, 2024 to May 12, 2024)
Did you know we're running a Bug Bounty Extravaganza again? Earn over 6x our usual bounty rates, up to $10,000, for all vulnerabilities submitted through May 27th, 2024 when you opt to have Wordfence handle responsible disclosure! Last week, there were 184 vulnerabilities disclosed in 146...
10CVSS
9.5AI Score
EPSS
5.4CVSS
5.2AI Score
0.0004EPSS